General
-
Target
SaladBootstrapper.zip
-
Size
136KB
-
Sample
241109-yt5gja1emf
-
MD5
a1f1948b73910bd4fb67f4b248eec76d
-
SHA1
bd45896dfc1956bf2f2f309e35ffce4447ba74d7
-
SHA256
524e4732766ac23f7b8f4f8aab9d03b3c0ebf2c82f2a62768e3e6c5c0a047350
-
SHA512
78ad0cb4b11a4ffb167eef93778b83de97d4700dc65224ab19a8001429d57678a10643d20daed2d59b47e9aa07c289928112bab6902ecb18dd025f7bc568e59e
-
SSDEEP
3072:vHJ/sTkLaTH9HUyFhG4GCwyNFikPLGKOYNYG/fnGncvGP+xydA8QEXsLlbeALDYG:lsTiaTHTGFfyNIeKSh/fvGVlX0DYve
Static task
static1
Behavioral task
behavioral1
Sample
BSVERSION.txt
Resource
win10v2004-20241007-en
Behavioral task
behavioral2
Sample
BSVERSION.txt
Resource
win10ltsc2021-20241023-en
Malware Config
Targets
-
Target
BSVERSION.txt
-
Size
3B
-
MD5
a894124cc6d5c5c71afe060d5dde0762
-
SHA1
1469842b4307d36cccb487dc989f21016daadbcc
-
SHA256
8139b33952401b3ee0e2ca84651cb9a1d7f66d442bf908f9cf1f53ea746e5801
-
SHA512
7cbe7ca7a78342f88d8a3d83ab6dea5ce79587ae12451e5baffdfbe344d7b9ab0b7e4aaadd3abd0af2ea3da805cd0649e89baff33586e1ad248022c52f0f1594
Score
7/10
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-